[19908] in bugtraq
Re: SCO 5.0.6 MMDF issues (sendmail 8.9.3)
daemon@ATHENA.MIT.EDU (Valdis Kletnieks)
Wed Mar 28 14:19:18 2001
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_-1596798778P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Message-ID: <200103281526.f2SFQcA21720@foo-bar-baz.cc.vt.edu>
Date: Wed, 28 Mar 2001 10:26:38 -0500
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis Kletnieks <Valdis.Kletnieks@VT.EDU>
X-To: "Secure Network Operations , Inc." <recon@SNOSOFT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Tue, 27 Mar 2001 13:39:54 +0100."
<4.2.2.20010327133912.022a8048@mail.snosoft.com>
--==_Exmh_-1596798778P
Content-Type: text/plain; charset=us-ascii
On Tue, 27 Mar 2001 13:39:54 +0100, "Secure Network Operations , Inc." <recon@SNOSOFT.COM> said:
> Topic: SCO 5.0.6 MMDF issues (sendmail 8.9.3)
Umm... MMDF has nothing to do with Sendmail 8.9.3, as far as I know. I've
been alpha/beta testing Sendmails since 8.9.0 and don't remember any MMDF
in there.
> version 2.43.3b of MMDF. The sendmail 8.9.3 binary has poor handling of
> command line arguments resulting in a buffer overflow.
> /opt/K/SCO/MMDF/2.43.3b/usr/lib/sendmail `perl -e 'print "A" x 3000'`
Are you sure that this is not an MMDF binary installed as /usr/lib/sendmail
as a submission agent, to provide compatibility with scripts and programs
that think /usr/lib/sendmail can be used to submit mail?
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
--==_Exmh_-1596798778P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Exmh version 2.2 06/16/2000
iQA/AwUBOsICrnAt5Vm009ewEQKNMwCggSvsxAmc1uivhe6ppPjZ8cZTtvEAnRkX
giVs/YDlzSvqzhELiWMIIaOl
=HViS
-----END PGP SIGNATURE-----
--==_Exmh_-1596798778P--
